How to create a line visualization from firewall logs automatically


(Baharudin Yusuf) #1

How do I make a line visualization of firewall logs automatically from CSV data? I want to show whether an IP address is connected or disconnected at any time; suppose x is the clock and y is the IP address. With many IP addresses it would be difficult to make the visualization one IP address at a time. How can this be done automatically, e.g. using Python, coding etc.? Please let me know if you know. Thank you


(Tim Roes) #2

Hey,

do you already have data in your Elasticsearch? What format do the documents have?
I am also not sure exactly what you want to draw in the chart. On the x-axis you want to have the time, as far as I understood. On the y-axis should be the amount of online IP addresses?

In general you can do lots of charts also with Kibana directly (like splitting the chart by IP address via a Terms aggregation), but I would need some more information about your data format.

Cheers,
Tim


(Baharudin Yusuf) #3

I have data in my Elasticsearch; the log format is CSV.
Sample log:
2017/06/07,10:45:21,TRAFFIC,end,91.247.xxx.xxx,103.220.xxx.xxx,Outside-to-Inside-service,,,web-browsing,80,tcp,allow,7334,6836,498,18,2017/06/07 10:43:47,educational-institutions,0,6470432598,UA,ID,from-policy
Sample visualization I created:

The log has a lot of IP addresses, and when I make the visualization one by one I will have trouble. How do I make the visualization shown above automatically? Thanks


(Tim Roes) #4

Hey,

if you need to create this saved search and charts for multiple IP addresses, you could indeed use a script for it.
Kibana stores all its data (i.e. also saved searches and visualizations) in an index called .kibana in your Elasticsearch cluster.

You can just query that index as any other and see what your saved search and chart object looks like, and write a script (using Python, JS, or whatever you like) that creates those Elasticsearch documents for all IP addresses you need and inserts them into the .kibana index.

Cheers
Tim


(Baharudin Yusuf) #5

Are there any examples or references that discuss it? If there are, I may ask for references or URL addresses that discuss it. I need a sample script to make it. Thanks


(Tim Roes) #6

I guess there is no actual documentation on the format these documents are stored in there, so the best would be just to query the .kibana index (with the common regular Elasticsearch API) and look at the documents.
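A sample script along the lines Tim describes in #4 and #6, added here as an example and not part of either post: it takes one hand-made saved visualization (the kind you would read back from the .kibana index) as a template, clones it once per IP address, and bulk-inserts the clones. The document shape, index name, doc type and IP values below are constructed assumptions; take the real ones from a document in your own .kibana index.

```python
import json
import re
import urllib.request

# Constructed stand-in for a hand-made saved visualization fetched from .kibana.
# Its field names are an assumption about Kibana 5.x: use the real document
# returned by GET /.kibana/visualization/<id> on your cluster instead.
TEMPLATE_ID = "traffic-192.0.2.10"
TEMPLATE_SOURCE = {
    "title": "Traffic 192.0.2.10",
    "visState": json.dumps({"title": "Traffic 192.0.2.10", "type": "line"}),
    "kibanaSavedObjectMeta": {"searchSourceJSON": json.dumps(
        {"index": "firewall-*",
         "query": {"query_string": {"query": 'src_ip:"192.0.2.10"'}}})},
}

def substitute_ip(value, old_ip, new_ip):
    """Replace old_ip with new_ip in every string of a saved object, recursively.
    The whole-token regex keeps 192.0.2.1 from matching inside 192.0.2.10; since
    visState and searchSourceJSON are JSON stored as strings, the same replacement
    reaches inside them without knowing their internal schema.
    """
    pattern = re.compile(r"(?<![\d.])" + re.escape(old_ip) + r"(?![\d.])")
    if isinstance(value, str):
        return pattern.sub(new_ip, value)
    if isinstance(value, list):
        return [substitute_ip(v, old_ip, new_ip) for v in value]
    if isinstance(value, dict):
        return {k: substitute_ip(v, old_ip, new_ip) for k, v in value.items()}
    return value

def bulk_body(index, doc_type, template_id, template, old_ip, new_ips):
    """NDJSON body for POST /_bulk: one clone of the template per IP address.
    'create' (not 'index') so an existing saved object is never overwritten."""
    lines = []
    for ip in new_ips:
        action = {"create": {"_index": index, "_type": doc_type,
                             "_id": substitute_ip(template_id, old_ip, ip)}}
        lines.append(json.dumps(action))
        lines.append(json.dumps(substitute_ip(template, old_ip, ip)))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":  # assumption: local cluster at :9200 without auth
    body = bulk_body(".kibana", "visualization", TEMPLATE_ID, TEMPLATE_SOURCE,
                     "192.0.2.10", ["192.0.2.11", "192.0.2.12"])
    req = urllib.request.Request("http://localhost:9200/_bulk", data=body.encode(),
                                 headers={"Content-Type": "application/x-ndjson"})
    print(urllib.request.urlopen(req).read().decode())
```

Run it with credentials whose write access is limited to the .kibana index, since documents written this way bypass Kibana's own validation.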

